ds-report-pdf

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to write a Python script using the reportlab library and execute it via the bash tool to generate PDF files in the local filesystem.
  • [EXTERNAL_DOWNLOADS]: At runtime, the skill executes pip install commands to download and install the reportlab and pillow packages from the public Python Package Index (PyPI).
  • [EXTERNAL_DOWNLOADS]: The skill includes functionality to download remote image files (logos) from URLs provided by the user and embed them into the generated PDF reports.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from user-provided files (CSV, JSON) and manual chat input, which is then interpolated into the generated Python code and the final PDF document.
  • [COMMAND_EXECUTION]: The skill uses the cat command to write user-defined configuration settings into a local file named dataslayer-config.json for persistence across sessions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 23, 2026, 03:40 AM